Audit Highlights
The following are highlights of our work during the October 1, 2023–March 31, 2024, semiannual reporting period.
Credit Quality of Main Street Lending Program Loans
The Main Street Lending Program (MSLP) special purpose vehicle team established and followed processes for quarterly credit scoring, including monitoring payment performance, and workout loan management.
The Board's Videoconferencing Platform
The selected security controls for the Board's videoconferencing platform were effective overall; however, the Board can improve account management, audit log review, and security assessment and authorization controls.
The Board's Intelligence Programs
The Executive Intelligence Oversight Group did not establish foundational governance documents, measurable performance objectives, or policies and procedures documenting the roles and responsibilities for two of its three core functions.
Heartland Tri-State Bank
Heartland Tri-State Bank failed because of alleged fraud by its chief executive officer (CEO), who initiated wire transfers totaling about $47.1 million of the bank's funds as part of an apparent cryptocurrency scheme. The bank's failure cost the Deposit Insurance Fund (DIF) an estimated $54 million.
The Board's Projection Collection System
The Board's Projection Collection System is used to securely store economic projections from Federal Open Market Committee (FOMC) participants before the projections are released to the public. Overall, the security controls we tested for the Projection Collection System were effective; however, the Board can strengthen configuration management controls.
CFPB Practices to Mitigate Conflicts of Interest
The CFPB can mitigate the risk of conflicts of interest for examiners by clarifying rotation requirements for certain key examiners and by implementing an assignment tracking mechanism to monitor rotations and ensure policy compliance.
The CFPB's Videoconferencing Platform
The selected security controls tested for the videoconferencing platform were operating effectively; however, management can consider improving the monitoring of the videoconferencing platform's chat communications.